Anti-Drone Forcefield … Or Just Another Security Product?

Updated 1/1/2019

Recently, I saw a Facebook post about a new product coming out called Cyborg Unplug.

I honestly think the product idea is a pretty cool implementation of some old technology but I immediately saw a lot of confusion happening on social media. This prompted me to start writing responses. I researched it a bit and saw some related articles that immediately gave me a headache. Some people read the website and immediately took to the Internet to publish complete non-sense about how this was going to change the world. No, this isn’t a conspiracy theory or pseudoscience but some of the articles written about it fit the bill. Sorry for any confusion if you were hoping to read about Nazis in the middle of the Earth or something.

As a result, this is a general primer on “Layer 2 Networks,” “Basic Hacker Stuff,” and “What Is and Isn’t Legal.”

I’ll add in a disclaimer that everything on the product website seems legit. They make no claims that I disagree with except for one that I’ll discuss later. My disagreement comes with other websites. This is what the actual product website states:

Cyborg Unplug is an anti wireless-surveillance system for the home and workplace. It detects and kicks selected devices known to pose a risk to personal privacy from your wireless network, breaking uploads and streams.

Whether business office, restaurant, school or nightclub: it’s your territory and your rules, so make it harder for those that seek to abuse it.

What this device does is connect to your WiFi then sends out de-authentication packets to disconnect other networked devices on your network that could pose a risk. It also has a Denial of Service mode where it sends out de-authentication packets to everything it is programmed to dislike that are using WiFi in the area. Most network devices will then attempt to reconnect. I assume this product spams de-auth packets nonstop because otherwise it would be totally useless once the device reconnected. Also, the DoS mode is illegal to turn on in the US.

De-authentication packets are kind of like your router saying “Ok, goodbye” and disconnecting a device. Even though your router isn’t the one saying it in this case, the networked device hears “Ok, goodbye!” and it sounds like the router said it so it must be good, right? Time to disconnect!

You could do the same thing running Linux-Kali with the Aircrack-ng program. Doing that is, however, illegal to do on networks other than the one you own. If you were to do that, you’d run a CLI command that looks something like this:

aireplay-ng -0 5 -a (enemy network MAC address) -c (enemy device MAC) (interface device name)

That’d make 5 attempts to disconnect EnemyDevice from EnemyNetwork. Pretty simple and it can all be done with any laptop. Doing anything fancier would require a special network card.

My home router's MAC filter. Notice that it is not being used. The effort required to whitelist all 20 network devices I have is far greater than the effort it would take a hacker to spoof my thermostat's MAC info.
My home router's MAC filter. Notice that it is not being used. The effort required to whitelist all 20 network devices I have is far greater than the effort it would take a hacker to spoof my thermostat's MAC info. My home router’s MAC filter. Notice that it is not being used. The effort required to whitelist all 20 network devices I have is far greater than the effort it would take a hacker to spoof my thermostat’s MAC info.

Why would you want to do that? Watching the reauthentication handshake to help with fancy things ranging from packet spoofing, encryption cracking, etc. Generally things the normal person doesn’t care about.

Anyway, back to the device we’re talking about…

This device does that except on your own network. It’s basically the same thing as a MAC filter which can be enabled on most any router by default. MAC filters work by allowing or disallowing certain MAC addresses. MAC addresses are hard-coded into every network device that is manufactuered when it is built.

While writing this, I logged into my router and took a screenshot of what the MAC filter window looks like. You’ll notice that it’s disabled. This is because it is absolutely trivial to spoof (fake) a MAC address. That’s the point I disagree with from the product website from the opening paragraph. It is difficult to perform if you have absolutely no clue what you’re doing… but if you’re the type of person that is using these tools, you probably would find it trivial. After all, you saw how simple a de-auth command is to type in.

MAC filtering just doesn’t work. A Media Access Control number is a good way to track what network devices are doing what; however, the broadcasted MAC is not necessarily the actual MAC. If someone was going to design some type of actual spy gear, they probably wouldn’t leave it broadcasting the MAC address that is associated with SpyGear LLC.

So what is this device good for? Well, it acts as a smart filter that can alert you to devices logging onto your WiFi. However, here’s the thing: If you have an open WiFi network in the Year of Our Lord 2015, You Are Making A Big Mistake. Open WiFi is a beacon to criminals that want to do illegal things.

Let’s say someone wants to download something illegal. Use your imagination. They drive up near your house, pull out a high end WiFi antenna, and scan your network traffic to grab some MAC addresses. They see your laptop is on but not really doing anything so they’ll spoof that. They change their MAC address to appear to be your laptop, de-auth your laptop, sign on as your laptop, and then download their illegal whatever. Now it appears that your laptop was used to download illegal things via your own network. Digital forensics may clear you but the criminal has already left the county.

Ok, so let’s say you decide to enable WPA2 with AES like any responsible router-owner should. Now what benefit would the device have without doing illegal area denial-of-service attacks? Well, spy devices aren’t logging onto your WiFi… you can’t legally DoS attack anything else…. so nope. Things like drones and GoPro cameras don’t operate using WiFi. Assuming  you’ve properly configured your router and live in a country where DoS attacking random passersby is not legal, this product doesn’t do much to help the every day consumer. There’s talk about adding DoS support for Bluetooth and other standards but, again, that’s all illegal here in the US.

What it is useful for is public WiFi networks where access is trivial to obtain for customers and there is a particular concern of someone using non-modified, off-the-shelf hardware to stream camera footage live. That’s the perfect niche for this device to fill. Regular, everyday people (not corporate spies using custom built gear) trying to stream things you don’t want. You could also use it to knock Google Glass users offline which would be funny, I guess..

Ultimately, it’s a legit product that makes no claims that it can’t back up; however, there is a distinct lack of understanding by consumers as to what the product can and cannot do. That led me to write this article in hopes of clearing up a few misconceptions.

I’m filing this under Pseudoscience simply because the first article I saw on it was “ANTI-DRONE FORCE FIELD DEVELOPED” and that is both wrong and hilarious. It’s a legit product useful in certain niche situations but definitely not that.